<?php
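// Shared bootstrap. class_sanpham, $arr_timkiem and $arr_layout are not defined
// in this file, so they presumably come from include.php.
include("include.php");
$sanpham = new class_sanpham();

// Request parameters are read through $_GET only (this file used to mix it with
// the deprecated $HTTP_GET_VARS), and each lookup is guarded so that a missing
// parameter does not raise an undefined-index notice.
// langid is request-controlled and is used further down as an array key
// ($arr_timkiem, $arr_layout) and in a numeric comparison, so it is reduced to
// an integer here; non-scalar input (e.g. langid[]=x) is treated as absent.
$langid = (isset($_GET['langid']) && is_scalar($_GET['langid'])) ? (int)$_GET['langid'] : 0;
$type = isset($_GET['type']) ? $_GET['type'] : null;
$which_page = isset($_GET['which_page']) ? $_GET['which_page'] : null;
$catid = 0;
$subcatid = 0;

// An id with no entry in the title table falls back to 0, the same default
// that is used when no langid is supplied at all.
if (!isset($arr_timkiem[$langid])) {
	$langid = 0;
}
$title = $arr_timkiem[$langid];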

// Handle the submitted search form.
// On POST, every search field is copied into its session_* counterpart and
// re-registered, so the criteria persist across later GET requests (paging).
// NOTE(review): $tukhoa, $giatu, $giaden and $donvi are not assigned anywhere
// in this file before this point; presumably they are populated from the POST
// body by register_globals or by include.php - confirm.
if ($HTTP_SERVER_VARS['REQUEST_METHOD'] == "POST") {
	// keyword
	session_unregister('session_tukhoa');
	$session_tukhoa = $tukhoa;
	session_register('session_tukhoa');

	// price from
	session_unregister('session_giatu');
	$session_giatu = $giatu;
	session_register('session_giatu');

	// price to
	session_unregister('session_giaden');
	$session_giaden = $giaden;
	session_register('session_giaden');

	// unit
	session_unregister('session_donvi');
	$session_donvi = $donvi;
	session_register('session_donvi');
}

// The working copies are always taken from the session values, whether or not
// this request was a POST.
$tukhoa = trim($session_tukhoa);
$giatu = (float) $session_giatu;
$giaden = (float) $session_giaden;
$donvi = $session_donvi;

// Normalise the keyword: collapse runs of spaces, then trim.
// $q is NOT escaped for SQL at this point (a filter that stripped backslashes
// and ';' was commented out by the original author), so any code that places
// $q in a query has to escape it itself.
$q = trim(preg_replace("/ +/", ' ', $tukhoa));


// Layout: pick the first layout entry for the selected language.
// $langid originates from the query string and is used here as an array key.
// NOTE(review): html_layout.php is presumably what consumes $layout_file and
// fills $str_htm - neither is visible in this file; confirm that it only ever
// loads paths taken from $arr_layout.
$layout_file = $arr_layout[$langid][0];
include 'html_layout.php';

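// Search by product name or product code (maso).
//
// $q derives from the search keyword kept in the session and ends up inside a
// quoted string literal of the SQL text, so quotes and backslashes in it must
// be escaped before interpolation. list_item() receives a finished SQL string,
// which rules out bound parameters at this call site.
//
// If magic_quotes_gpc is active the keyword may already carry one layer of
// slashes; strip it first so the value is escaped exactly once. Escaping is
// always the last step, so the literal stays closed either way.
$q_raw = $q;
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
	$q_raw = stripslashes($q_raw);
}
// NOTE(review): addslashes() is a byte-level fallback, used because the
// database connection and its escaping function are not visible in this file.
// It is not reliable with some multi-byte connection charsets; switch to the
// driver's own escaping, or to prepared statements inside list_item(), where
// that is available. '%' and '_' typed by the user still act as LIKE wildcards.
$q_sql = addslashes($q_raw);

// Language 0 searches the Vietnamese name column, any other language the
// generic name column; the product code is matched in both cases.
$name_column = ($langid > 0) ? 'ten' : 'ten_vn';

$sql = "SELECT * FROM sanpham ";
$sql .= " WHERE ($name_column like '%$q_sql%' or maso like '%$q_sql%')  ";
$sql .= " order by maso ";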

/*
switch($type){
	case "name":
		$sql= "SELECT * FROM sanpham ";
		$sql.=" WHERE (ten like '%$q%' or maso like '%$q%')  ";
		$sql .= " order by maso ";	
		break;
	case "price":

		$sql= "SELECT * FROM sanpham ";
				
		if($giaden > 0){
			$sql.=" WHERE gia >= $giatu and gia <= $giaden  ";
		}else{
			$sql.=" WHERE gia >= $giatu  ";
		}
		
		$sql .= " and donvi = '$donvi' and langid='$langid' ";
		$sql .= " order by maso ";		
	
		break;
}
*/



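// Debug aid, left disabled: enabling it would print the raw SQL into the page.
//echo "$sql<br>";

// Render the result list for the requested page; "timkiem.php" is passed as
// the script name (presumably for the paging links - list_item() is not
// visible here).
// NOTE(review): $which_page comes straight from the query string; confirm
// that list_item() treats it as an integer before using it in a query.
$str_content = $sanpham->list_item($sql, 3, SP_IMAGES_SMALL_WIDTH, $which_page, "timkiem.php");

// Drop the rendered list into the layout. "@noidung@" is a literal
// placeholder, so plain str_replace() is the right tool: ereg_replace() is
// deprecated, and it would also interpret backslash-digit sequences inside
// the replacement text as backreferences, altering content that happens to
// contain them.
// NOTE(review): $str_content is inserted as HTML without further encoding;
// whether list_item() encodes database values for HTML is not visible here.
$str_htm = str_replace("@noidung@", (string)$str_content, $str_htm);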

// Page assembly: each include below contributes one part of the page.
// NOTE(review): presumably they work on $str_htm, which is printed at the
// end - the included files are not visible here.
include 'html_header.php';	// header: CSS, meta tags, JavaScript
include 'html_body.php';	// body: date/time and similar
include 'html_menu.php';	// menu
include 'modules.php';		// modules

// Send the finished page to the client.
echo $str_htm;
?>